Children’s Online Privacy Protection Act (COPPA) — Minc Law

  1. Setting requirements for a privacy policy on websites and platforms;
  2. Requiring verifiable parental consent before collecting data from children under 13;
  3. Outlining rules for the handling of children’s data once it has been collected.

Overview of COPPA

  • What should be included in a privacy policy;
  • When and how to seek verifiable consent from a parent or guardian;
  • The website operator’s responsibilities to protect children’s privacy online, including restrictions on marketing.

What Are the Goals of COPPA?

What Significant Changes Have Been Made to COPPA Since It Was First Passed?

Who is Affected by COPPA?

  • Direct the websites to children in the United States, or
  • Knowingly collect personal information from children in the United States.

What Does “Personal Information” Mean under COPPA?

  • Full or partial names,
  • Home or other physical addresses,
  • Email addresses,
  • Phone numbers,
  • Social security numbers,
  • Photographs,
  • Geolocations,
  • Similar information used to identify children.

How COPPA Works

Business/Website Operator Requirements

  • Provide notice of the kinds of data that the website operator collects,
  • Provide details about how the operator uses that data and how the data is shared with others,
  • Obtain verifiable parental consent for the collection, use, or disclosure of personal information obtained from children.

What is Verifiable Parental Consent?

  • Contact information collected from a child is used on a one-time basis only to respond directly to a specific request from the child and is not used to recontact the child. That information is not retained or disclosed by the website operator.
  • Disclosures are made to:
  • Protect the security or integrity of the website;
  • Take precautions against liability;
  • Respond to a judicial process;
  • Provide information to law enforcement agencies or for an investigation on a matter related to public safety, to the extent permitted under other provisions of law.
  • A description of the specific types of personal information collected from the child by the operator
  • The opportunity to refuse to permit the operator’s further use or maintenance in retrievable form or future online collection of personal information from the child
  • A reasonable means for the parent to obtain the personal information collected from a child

Parental Rights Under COPPA

How Does a Website Operator Know Whether Children Are Using Their Service?

  • A portion of their intended audience is children,
  • The website involves child-oriented activities or subject categories such as animated movies or educational resources,
  • The website operator has any actual knowledge or evidence available about the age distribution of users.

Significant Court Cases Interpreting COPPA

California Dental Association v. Federal Trade Commission

Google, Inc. & YouTube Case Settled For $170 Million


YouTube Channel Owners & COPPA: Is Your Content “Made For Kids?”

What Are Civil or Criminal Remedies For COPPA Violations?

  • The extent of the violations,
  • How many children were involved,
  • Whether the website operator has violated COPPA regulations before,
  • How much and what kind of personal information was collected,
  • How the website operator used the information,
  • The offending company’s size.
  • Failing to provide notice on their website of personal information they collect from children, how the information is used, and their disclosure practices;
  • Failing to provide direct notice to parents;
  • Failing to get consent from parents before collecting children’s personal information;
  • Failing to delete personal information collected from children upon parent requests;
  • Retaining the personal information for longer than reasonably necessary.

How Can Website Operators Violate COPPA?

What Should You Do if You Believe Your Business May Have Violated COPPA?

  • What information you collect,
  • How you collect it,
  • How it is used,
  • Whether it is necessary to collect that information based on the nature of your website or online service,
  • Whether your privacy statement includes all necessary notices and information,
  • Whether you have adequate mechanisms for providing parents with notice and obtaining verifiable consent,
  • Whether parents can review and delete children’s information from your service.

Remedies For COPPA Violations

What Steps Should You Take to Stay in Compliance With COPPA?

  • The contact information (name, address, phone number, email address) of the website operators who collect or maintain personal information through your website (or the designated agent who handles inquiries about your data retention practices);
  • The types of personal information the website operators collect from children;
  • Whether the information collected from children is publicly available;
  • How the operator uses the information collected from children;
  • Under what circumstances the operator would disclose that information;
  • Notification to parents that they may review and request the deletion of their children’s personal information currently retained by your website;
  • Notification that the parents may refuse to allow the collection of similar information in the future — including specific procedures for making such requests.
  • Providing a consent form to be printed, signed, and returned to the website operator,
  • Requiring the parent to enter a credit card that provides notices of each transaction to the parent-account holder,
  • Other means reasonably calculated to obtain the consent.

Defenses & Exceptions Safe Harbors (15 USC § 6503)

  • Aristotle International Inc.
  • Children’s Advertising Review Unit (CARU)
  • Entertainment Software Rating Board (ESRB)
  • iKeepSafe
  • kidSAFE
  • Privacy Vaults Online, Inc. (d/b/a PRIVO)
  • TRUSTe

Privacy: An Essential Concern for All



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store